On 3/8/06, Daniel B. Thurman <dant@xxxxxxxxx> wrote: > > Hello, > > This is a modified repost from SELinux mailing list and > repeated here only because I was not sure where this message > is to be posted since it is a FC5-T3 issue. > > I have read previous posts regarding creating swapfiles > under SELinux and supposedly a fix was done but the circumstances > of this error is different. SELinux refuses to allow a relabel via mkswap. > > The steps to create a swapfile is: > > 1) dd if=/dev/zero of=/swapfile bs=1024 count=<SWAP-SIZE> > 1.5) New step: chcon -t swapfile_t /swapfile > 2) mkswap /swapfile > 3) swapon /swapfile > 4) Add entry to fstab > > A new security context of swapfile_t was added in FC-T3, and > supposedly added to mkswap as well. I have have the latest YUM > development updates for FC5-T3. > > Doing step (1.5) above results with a "relabel" Permission denied: > > > mkswap /swapfile > mkswap: unable to relabel /swapfile to swapfile_t: Permission denied > > /var/log/audit/audit.log shows: > > type=AVC msg=audit(1141837284.182:194): avc: denied { ioctl } for pid=3948 comm="mkswap" name="swapfile" dev=hda7 ino=107915 scontext=root:system_r:fsadm_t:s0-s0:c0.c255 tcontext=root:object_r:swapfile_t:s0 tclass=file > type=SYSCALL msg=audit(1141837284.182:194): arch=40000003 syscall=54 success=no exit=-13 a0=3 a1=1260 a2=bf9c1ed0 a3=bf9c39fb items=0 pid=3948 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="mkswap" exe="/sbin/mkswap" > type=AVC_PATH msg=audit(1141837284.182:194): path="/swapfile" > type=AVC msg=audit(1141837284.238:195): avc: denied { relabelfrom } for pid=3948 comm="mkswap" name="swapfile" dev=hda7 ino=107915 scontext=root:system_r:fsadm_t:s0-s0:c0.c255 tcontext=root:object_r:swapfile_t:s0 tclass=file > type=SYSCALL msg=audit(1141837284.238:195): arch=40000003 syscall=228 success=no exit=-13 a0=3 a1=250f66f a2=804a434 a3=b items=0 pid=3948 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="mkswap" exe="/sbin/mkswap" Is it possible that this is related to a problem I am seeing. When my machine crashes (locks up after a suspend and attempted resume), I have to reboot twice before I get a working system. The first reboot always stops with the X boot UI stating something like "Enabling Swap." When it freezes there, I have to cold boot. After cold booting, everything works fine. Any suggestions? Miles -- fedora-test-list mailing list fedora-test-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-test-list